Apple is planning to release an update specifically designed to protect users against the MacDefender malware that has been circulating for the last couple of weeks. The update for Mac OS X will automatically find and remove the malware on an infected machine and also will warn users if another infection attempt is detected.
The planned update from Apple is a rare move by the company, whose users until quite recently haven’t had to contend with much of a malware problem. The MacDefender scareware attack emerged in early May and is being used by attackers to trick users into downloading and installing a malicious application. Like other scareware attacks, MacDefender tells users that they have a piece of malware on their machine and they need to install MacDefender to help remedy the problem.
Of course, the download is malware itself and has the aim of stealing users’ credit card information. Apple is telling concerned users that if they notice an infection attempt, they should try to close their browser or even force quit the application and then delete the installer.
“A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender ‘anti-virus’ software to solve the issue,” Apple said in its advisory on the MacDefender issue. “This ‘anti-virus’ software is malware (i.e. malicious software). Its ultimate goal is to get the user’s credit card information which may be used for fraudulent purposes.
“In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.”
The good news is that the MacDefender malware is not particularly difficult to uninstall and doesn’t remain persistent on the machine after you attempt to delete it, as some Windows-based malware will. Here are the steps that Apple recommends for users who have been infected by MacDefender:
- Move or close the Scan Window
- Go to the Utilities folder in the Applications folder and launch Activity Monitor
- Choose All Processes from the pop up menu in the upper right corner of the window
- Under the Process Name column, look for the name of the app and click to select it; common app names include: MacDefender, MacSecurity or MacProtector
- Click the Quit Process button in the upper left corner of the window and select Quit
- Quit Activity Monitor application
- Open the Applications folder
- Locate the app ex. MacDefender, MacSecurity, MacProtector or other name
- Drag to Trash, and empty Trash
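The same check can be done from a Terminal. The script below is an added example, not Apple's procedure or tooling: it only reports running processes and app bundles in /Applications that match the three names listed above, and it deletes nothing. The function names and the `--scan` switch are hypothetical, and variants using other names will not be matched.

```shell
#!/bin/sh
# Added example: read-only check for the app names listed in Apple's steps.
# The names come from the article; other names may also be in use.
KNOWN_NAMES="MacDefender MacSecurity MacProtector"

# find_bundles DIR: print app bundles directly inside DIR whose name
# matches a known name (case-insensitive).
find_bundles() {
    dir=$1
    [ -d "$dir" ] || return 0
    for name in $KNOWN_NAMES; do
        find "$dir" -maxdepth 1 -type d -iname "${name}.app" 2>/dev/null
    done
}

# match_processes: read "PID COMMAND" lines on stdin and print those whose
# executable name (last path component) equals a known name.
match_processes() {
    while read -r pid comm; do
        base=${comm##*/}
        lower=$(printf '%s' "$base" | tr '[:upper:]' '[:lower:]')
        for name in $KNOWN_NAMES; do
            known=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
            if [ "$lower" = "$known" ]; then
                printf '%s %s\n' "$pid" "$comm"
            fi
        done
    done
}

# Live scan only when explicitly requested: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    echo "Matching processes (quit these in Activity Monitor first):"
    ps -axo pid=,comm= | match_processes
    echo "Matching app bundles in /Applications:"
    find_bundles /Applications
fi
```

Any process it lists should be quit before the matching bundle is dragged to the Trash, following the order of the steps above.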
Apple said that the MacDefender attack is exploiting machines running OS X 10.4, 10.5 and 10.6. The company did not specify when the update will be available, but said that it will be delivered through the Software Update mechanism or the Support Downloads Web site.
In addition to the emergence of MacDefender, May saw the release of a Mac crimeware kit that is designed to help attackers build attack tools specifically for OS X.